Posted
by
Soulskill
on Saturday January 10, 2009 @01:09AM
from the never-stopped-'em-before dept.

deltaromeo points out a BBC report calling the UK's law requiring ISPs to retain users' emails for at least a year an "attack on rights." The article also points out financial and technical flaws with the plan (which we first discussed in October). TechCrunch goes a step further, detailing how it conflicts with other governmental goals. Quoting:
"...with one hand the government seeks to lock down the British Internet with an iron fist, while at the same time telling us it is boosting innovation and business online. It is quite clearly blind to the fact that one affects the other. Are we also expected to think that the consumers using online services are not going to be put off from engaging in the boom of 'sharing' that Web 2.0 created? How would you feel if every Twitter you sent, every video uploaded, was to be stored and held against you in perpetuity? That may not happen, but the mere suggestion that your email is no longer private would serve to kill the UK population's relish for new media stone dead, and with it large swathes of the developing online economy."

Not really. The U.S. has a Constitution which protects the People's rights from stupid Legislators passing anti-liberty laws. The government is forbidden from seizing or archiving personal mail or email. The UK does not have such constitutional protection.

It's too bad the EU Constitution did not pass. Its listing of Rights would have provided a basis to overturn this anti-privacy law in the EU Supreme Court.

Considering the UK is half in and half out of the EU (they still have their opt-opt status for many things), that most of the UKs people don't want to be further dragged into Europe and having the EU constitution pass allowing many freedoms in the UK taken away by Eurocrats, I'd say having email retained vs being dictated to by unelected officials is actually not as bad.

Note I said not *as* bad.The poor old UK has Europe on one side trying to erode their rights and their own government on the other doing th

Note I said not *as* bad.
The poor old UK has Europe on one side trying to erode their rights and their own government on the other doing the same but having to be more careful about it as they, unlike most EU politicians, actually get elected by the UK voters.

My impression is that of all the European countries the UK has gone by far the farthest in stripping its citizens' rights and liberties. Countries like Sweden are generally regarded as some of the freest in the world, so the EU can't be all bad. The EU may want to reduce your freedoms somewhat, but I'm quite positive it's nothing compared to what you've done to yourselves.

Not really. The U.S. has a Constitution which protects the People's rights from stupid Legislators passing anti-liberty laws.

Except that anything which makes it through the legislative process is considered to be "Constitutional" unless the US Supreme court says otherwise. One of the most obvious pieces of anti-consitutional legislation having been drafted by Joe Biden.

So the answer is to post your email address on every public forum you see. Let them go ahead and store the terabytes of spam per account. Meanwhile, get a gmail account or something for your real email.

Better yet, get your friends all to set up email accounts for drivel and get one of those markov-chain text generator thingies and send hundreds of emails a day between the accounts. For a bonus, attach random binary data (old jpegs etc.) to some of them.

Governments always try to take away people's rights. Honestly I don't know how politicians think they have so much power. A good ole fashion revolution would at least remind people that, Governments exist by the will of the people not the other way around.

The problem with the democratic process is that you've got to get such a quantity of people behind you. With revolution, you don't have to get a majority, as long as you've got the quality (the military is often quite a good clincher).

Anyone except home Windows users has an MTA (or two or three in the case of Linux) included in their OS, and can run their own email. I always use TLS for SMTP. So while the recipient may archive/distribute your email, the ISP won't be able to.

that is unless your residential ISP blocks port 25 outbound at their gateways (and it seems most do nowadays), then you are somewhat bound to at least relay your outbound messages off their servers... TLS doesn't protect much at that point.

It's not just your residential ISP that may be doing it. I administrate several large mail servers and I use PBL's. They stand for "policy block lists". These lists are submitted by those same ISPs and my mail servers reject any SMTP connections from those IP addresses.

SPAM has caused us to resort to blocking whole ranges of IP addresses from being able to send mail.

If people in the UK have a problem with this then they can use email addresses hosted on servers OUTSIDE the UK. That's the double edged sword of the Internet. You either have to allow it all, or block it all, and there is no in between. The Great Firewall (China), and the The Great Barrier (under construction down unda) will be more leaky than a pasta strainer.

How the fuck was this modded Informative? What non-geek, who can barely be encouraged to use something other an IE is going to go to the effort of setting up their own email server? And how can you measure the tangible benefits when they could just use something like GMail and get on with their lives?

Sounds like a golden opportunity for someone in a crypto-friendly jurisdiction to set up something akin to what HushMail used to be (before they were compromised by U.S. authorities). I can't be bothered to get such a beast started myself; have at it.

The law is supposed to catch "scary terrorists"
Given that there are dozens of ways to side-step your ISP's E-mail, do they only plan on catching the sort of terrorist that is computer illiterate?

And of course the only communication mechanism terrorists can possibly use is email in plain English (or Arabic). They'd never use codes, letters, telephones, dead drops (in either the physical world or "cyberspace"), face to face meetings, etc.Of course if you are not "Islamic" you'd probably be able to operate

While someone knowledgeable about the system they are using (i.e. Mac/Windows Pro/BSD/Solaris/Linux distro) will have to tell them a few specifics, it is just a matter of putting in localhost or the SMTP service instead of the ISP.

If the ISP blocks port 25, it costs about $10 USD/mo to contract with someone in another country without such laws to relay mail via port 587 (the standard submission port). Use port 80 if everything else is blocked. My home ISP blocks port 25, for instance, so I have to do tha

I find this whole saga slightly amusing. I ditched my ISP's email nearly ten years ago because 500 spam emails a day would soon max-out the 10mb mailbox limit. The fact that you had to use [first name].[last name]@isp.co.uk is ripe for a UK census name list attack makes it even more laughable.

As for the suggestion that random noise emails are sent as a poisoning tool: it's pointless. They are only saving headers.

Why is it that China's authoritarian system is excused by Western inconsistencies?

Let me point out that in China, the BBC (government-owned media) would never, ever be permitted to criticize the government, except in the case that the government engages in self-criticism. But no, the West is always wrong and China is always vindicated. I know some bigoted Chinese nationalists that agree 100% with that sentiment.

That may not happen, but the mere suggestion that your email is no longer private would serve to kill the UK population's relish for new media stone dead, and with it large swathes of the developing online economy.

I wish I had such faith in the awareness and caution of the average British consumer.

Since a very few years UK (also AUS) looks more like that dystopian paradise that was portrayed on 1984 by George Orwell, seriously, looks bad from a distant point of view. In times like this you can count on youth to say "not to easy" to the "system" sadly actual youth is severely handicapped and out of sync with reality. Oh well, I for one welcome 1984 Beta

A 110 floor building fell on it. The side of Building 7 facing the towers was TORN TO SHREDS. Of course it was going to collapse, because it was structurally compromised. Now it might have stayed standing despite that wxtreme damage, but since the whole building was an inferno, the steel literally melted and then failed.

As for the Pentagon, even if it had stayed in pristine shape and was never struck, isn't the attack on the Twin Towers enough reason to assassinate Bin Laden? I say yes.

That was my first thought. When I was young and naive, I posted to Usenet under my real name. I knew that was for worldwide distribution, but at the time I didn't expect it to be for worldwide *perpetual* distribution. Then DejaNews comes along and brings back a lot of things that I'd expected to fade away like BBS posts used to do.

I'm lucky. There's nothing horribly embarrassing or wildly contradicting my current opinions out there. I'd hate to be, say, a reformed racist who'd posted some crazy stuff out there, and who now gets to have people he meets form their opinions about him based on who he was ten years ago.

These days my real name is a conformist sheep, and I keep my crazy politics to pseudonyms. And even still, I have to think twice about what I say because I know the government is archiving it all for when they want to cherry-pick it to declare me unpatriotic if I embarrass them in some major way. I've accepted that level of exposure, but it's disheartening that the world's superpowers are devolving into this level of totalitarianism.

Well, neither am I. I can admit when I was wrong, and I can take the heat for the things I think are right despite being unpopular ideas.

But that's beside the point. The problem is when I'm not given the opportunity to defend my opinions. Like in the hypothetical "reformed racist" scenario: Someone searching the net to read about him will come across that, and find what he's said... And then shun him, but he'll never find out why. Or maybe he'll get fired, or people come and key his car. What should he do? Post a sign in his front yard that says "I'm no longer a racist, I was wrong, and I'm sorry for the stupid shit I said in the past"?

And when it's the government that's archiving everything I've said, it's way worse. Instead of keying my car, they're going to take provocative things I've said in the past and trump them up to make me look like a terrorist, if they ever think I'm rocking their boat too hard.

Worse still, in UK after you are arrested you will be requested to provide a key to decrypt hundreds of KB of those random numbers that you sent, and you will be in prison until the key is working. Do you think they will believe that your emails were just random numbers? "That's what every crypto-terrorist is claiming!" they will tell you.

As it stands, you'd be better off if every 32-bit word that you sent is a sequential group of 4 bytes from your favorite book (or its ciphertext, if you wish, made with a known key.) At least when they put your feet over hot coals you will be able to save yourself. If that doesn't happen the numbers remain pretty random and your experiment will be unaffected.

Too late. I already do that sort of. I have a server that I maintain and do daily backups to a gmail account automatically. I use GPG to encrypt the data in 15MB segments. I have it sent to a gmail account daily. Gmail stores up to 8GB (I think/about) and that gives me about 30 days worth of backups at any given moment. When Gmail gets the email they are sent to trash. This way after about 30 days the old stuff gets deleted automatically. It's already working pretty well. I'm in the process of using it right now to restore my server.

While the cops are entering through the front door, I am exiting out the back, so I can remotely detonate the bombs and blow them to Kingdom Come. (Unless of course they have a valid warrant signed by a judge, in which case they may enter peaceably.)

With the thought of this looming, if ever there was a time for mass-adoption of GPGP or other open PGP/encryption methods, this is it. Shared keys, trust, and full party encryption needs to be adopted and expected by the public before that's outlawed as well in order to allow this type of system.

It's been long overdue - the level of surveillance the UK government has set up over the years is really overwhelming... how many more drops can that barrel take before the UK people finally kick them politicians in their well deserving @sses?

Here in Germany, with data retention and other laws like the BKA law that have been made over the last couple years, people are slowly waking up and seeing what is happening. 34000 people jointly went to the "Bundesverfassungsgericht" opposing the EU-originated data r

It's been long overdue - the level of surveillance the UK government has set up over the years is really overwhelming... how many more drops can that barrel take before the UK people finally kick them politicians in their well deserving @sses?

Not very soon. Do you know anyone who got arrested because of government spying on communications? over 99,9% of "normal" people neither. They don't know government is spying on them, because it isn't clearly visible. Normal people just want to continue their plain ex

The only requirement is to keep the logs for a year, from/to/time/date. Their thoughts (rightly or wrongly) is they want to be able to bring email inline with telephone records, where they can find out who called who and when - but not what you spoke about (we'll leave that to Echelon).

Lots of frothing about encryption and privacy, when in fact encryption won't help and privacy is moot. The ISPs already have logs of who connected to who and when. This plan merely seeks to increase and then enshrine the length of time they are kept, into law.

If (or when) the technology is developed to listen to and log everyone's face to face conversations, then the government will want to use it. After all, anyone could conspire with anyone else at any time to plot a crime, and they are the government, they need to know about it.

And if people are talking in a language or even a pronounciation that the snoopers cannot understand, it will be an offence not to provide an exact translation.

the mere suggestion that your email is no longer private would serve to kill the UK population's relish for new media stone dead

I only wish that were true, but sadly I feel your statement is something you dragged out of your ass. Most people's behaviour so far in using the likes of Facebook have shown that they're not likely to worry.

Exactly! The UK is bristling with cctv cameras running into police stations and campaigns to have citizens turn in other citizens over simply taking pictures on the street. This isn't a society that, as a whole, has shown a whole lot of wanna when it comes to protecting their privacy or really giving a crap.

The elderly population is growing in Britain. This large group is full of fear-filled ignorant and backwards people.

Despite being alive either in or around WWII or during the 60's when they were all for love and peace, these people are happy to turn the UK into a Nazi state so long as it keeps the coloured people out and criminalises young people just for being born.

I have no idea why the parent post was modded "Troll"?? This is what concerns me more than anything. The Daily Fail [dailymail.co.uk] will sensationalise anything, and unfortunately it's read by a lot of old people and a lot of people who are marginally too intelligent to read The Sun [thesun.co.uk] but not intelligent enough to realise the Daily Mail is no better. People who will turn out in record numbers to vote for any legislation that will hang hoodies [wikipedia.org] and expel immigrants.

Here are some links for you guys to check out. Please get out there and get involved:
The Open Rights Group look to promote your rights in a digital age:
http://www.openrightsgroup.org/ [openrightsgroup.org]
Tom Watson (a labour cabinet minister who has a blog) recently encouraged debate about a proposal by the culture secretary Andy Burnham concerning internet censorship. Here is a link to that post, and be sure to bring up this is issue and the proposed issue of a wider internet database:
http://www.tom-watson.co.uk/2008/12/andy-burnham-and-internet-site-classification/ [tom-watson.co.uk]
Try getting in contact with the Home Office directly and make your views heard:
Address: Home Office, Direct Communications Unit, 2 Marsham Street, London SW1P 4DF.
Tel: 020 7035 4848
Email: public.enquiries@homeoffice.gsi.gov.uk
The Labour Party can be contacted at:
Address: The Labour Party, Eldon House, Regent Centre, Newcastle Upon Tyne, NE3 3PW.
Tel: 08705 900 200
And above all else, keep up the pressure. Governments are concerned with one thing and one thing only. Power. If they realise this is an issue that could cost them an election, they will have very little option but to rethink.
Thank You.

...yet any criminal or terrorist need only ask a bright 14-year-old to set up an email server for them on their local machine serving encrypted mail through a non-standard port. As with most "fixes" of this nature they will only catch idiots and the innocent.

Remember that phrase? The older ones here might (depending on what country you're in) from the age when operators still existed.

Next step was talking in "code". Cryptography in a very crude fashion. So Uncle Martin was sick when we couldn't talk about that.

And why does anyone think this will be different now? Imagine you're a multinational terrorist organisation. Do you really think you have fewer tools at your disposal than the average company? In other words, the ability to inform your people about the th

Next step was talking in "code". Cryptography in a very crude fashion.

Codes are not "crude cryptography". Codes are a part of "natural language". Even "slang" and "jargon" can have the effect of rendering a conversation subject to being misinterpreted or impossible to understand by a third party even without that being a specific intention. It isn't exactly hard to come up with a code which is deliberatly misleading to evesdroppers. Assuming they even have to. e.g. The Brazilian police would probably have

Really, I don't think most people will care. If a nice leaflet/broadcast/website from the government explains "it's to catch terrorists" and "it's to catch really super big evil criminals" - most people will say "well I am not one of those so I don't care". A few people will mutter over their pints of beer and a couple of articles will appear in the papers, uber-geeks will use some encryption or other work around, the real criminals will read the geek websites and learn how to cover their tracks, and 99% of the population will just go on as before. They don't mind giving their credit card details out to online stores they've never heard of before, they'll not worry the government keeps a copy of their emails.

Little public outrage was voiced here in the UK when Echelon became known about. A few left wing and liberal newspapers wrote big articles on it blowing the whole thing open to the middle class public and it didn't get much more feedback than a few people switching their vote to a different mainstream party, a couple of letters from Angry of Tunbridge Wells to the Times, and a few dozen hackers waving banners outside a government building or two. The man on the Clapham omnibus just won't care.

If a nice leaflet/broadcast/website from the government explains "it's to catch terrorists" and "it's to catch really super big evil criminals" - most people will say "well I am not one of those so I don't care".

In practice it would be huge surprise if this wasn't used for everything except terrorism and organised crime. Given that so called "anti terrorist laws" have been used for all sorts of things which have nothing to do with terrorism whilst actual terrorists (such as SHAC) arn't even even prosecute

With this system it would be prudent for more people to use encryption of their communications. But from personal experience, 99% of people just don't care. They are perfectly happy to use a website for credit card purchases if there's a little padlock in their browser.

But when it comes to email or IM, they are happy for their thoughts to be in plain text. As a test, I tried sending a signed email to people I chat with, and they mostly complained what the hell is this crap in the email. Most were using MS-O

Unless you have a public key for the recipient, you can only send signed mail... when they reply to your signed mail they can then encrypt their response and give you their public key (and from then on you can send encrypted mail to them).

It appears that people do not want to take basic precautions for their personal life remaining personal. I would say more fool them, but their arrogance also affects the wider community.

Most people don't care mainly because they don't really understand that anything they send in the typical text or email is like writing it on the back of a postcard, and once something is on the internet, it's there for good.

Another rather large problem is that there aren't many good tools to make encryption simple and tr

I wonder why no one here has mentioned the real answer, The once famous Royal Mail is in financial trouble and this is a veiled method of getting people off that foreign internet and back to sending real letters.In the days of the Empire it worked, it will save the nation once more.

...with one hand the government seeks to lock down the British Internet with an iron fist, while at the same time telling us it is boosting innovation and business online. It is quite clearly blind to the fact that one affects the other.

No shit Sherlock?

Most of the problems in UK governmental IT are down to the fact that while the government wants to be at the cutting edge of digital technology, they have little or no understanding of the things they do.